The last part of the incident response plan is reporting the
incident. The security team should take notes as the response is
happening and report all issues to organizations such as local and
federal authorities or multi-vendor software vulnerability portals,
such as the Common Vulnerabilities and Exposures site (CVE) at https://cve.mitre.org/. Depending on
the type of legal counsel an enterprise employs, a post-mortem analysis
may be required. Even if it is not a functional requirement to a
compromise analysis, a post-mortem can prove invaluable in helping to
learn how a cracker thinks and how the systems are structured so that
future compromises can be prevented.
